Creating a WHMCS Honey Pot is fairly easy.

Almost all WHMCS websites will be a target of bots and hacking attempts at some point (that should be an accepted fact for any owner of a WHMCS-powered business).

Knowing where to place the honey is usually the tricky part of any honey pot, but it's easy with WHMCS, since the first place an evil bot or attacker will recon is yourinstall.com/admin/, in the hope that you have not followed the WHMCS security best practice and changed your Admin URL.

Knowing the location of your WHMCS Admin URL is one of the first steps in an attacker gaining unauthorized access to your WHMCS website.

Step 1

Follow the WHMCS security tips and change your WHMCS Admin URL, and install our WHMCS Firewall module (which will also alert you if you did not complete the security steps).

Step 2

So now we know that any IP that visits yourwebsite.com/admin/ is not there for a good reason.

Those high-risk IP addresses need to be saved (for later review), banned from WHMCS (client area and True Admin login) and optionally banned on all other WHMCS websites under your control.

Some people will say “blocking single IPs is useless”. We say, then why does every firewall created (and that will ever be created) allow blocking single IPs? The answer is simple: blocking single IPs slows down and discourages an attacker. Sure, they can change IPs and come again, but let them work for it and don’t just take it lying down.

WHMCS websites under your control

1. WHMCS websites that you own or manage and have full Admin rights to log in to.

and/or

2. WHMCS websites that you host and therefore control the DNS that routes traffic to those websites.

Whitelist IPs

Automated IP blocking means that you need to have a carefully crafted whitelist of IPs to prevent your blacklist feature from actually being used against you. The answer to which IPs should be on your whitelist is determined by your specific network and hosting environment.
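The Step 2 logic combined with the whitelist check, as an added example (it is not code from the WHMCS Firewall module): it scans a web server access log for requests to the decoy /admin/ path, records each offending IP with its timestamps for later review, and skips whitelisted ranges. The combined log format, the whitelist ranges and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: Apache/Nginx "combined" access log format.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[A-Z]+ (?P<path>\S+)')
# Assumption: the decoy is the default admin path the real login was moved away from.
HONEYPOT_PREFIX = "/admin/"
# Constructed whitelist: an office range and a single monitoring host.
WHITELIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/28", "198.51.100.7/32")]

# Constructed sample log lines (documentation IP ranges only).
SAMPLE_LOG = """\
192.0.2.44 - - [10/Mar/2024:06:25:01 +0000] "GET /admin/ HTTP/1.1" 200 512 "-" "curl/8.0"
192.0.2.44 - - [10/Mar/2024:06:25:03 +0000] "POST /admin/login.php HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.5 - - [10/Mar/2024:07:00:00 +0000] "GET /admin/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:07:10:00 +0000] "GET /administrator-guide.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.99 - - [10/Mar/2024:07:15:00 +0000] "GET /admin HTTP/1.1" 301 0 "-" "Mozilla/5.0"
not a log line
"""

def is_honeypot_path(path):
    # Ignore the query string; match /admin and anything below /admin/ only,
    # so look-alike paths such as /administrator-guide.html are not flagged.
    path = path.split("?", 1)[0]
    return path == HONEYPOT_PREFIX.rstrip("/") or path.startswith(HONEYPOT_PREFIX)

def honeypot_hits(log_text):
    """Return ({ip: [timestamps]} to ban, sorted list of whitelisted IPs that were skipped)."""
    banned, skipped = {}, set()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_honeypot_path(m["path"]):
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed client field, nothing to ban
        if any(ip in net for net in WHITELIST):
            skipped.add(str(ip))  # keep for review, never auto-ban
        else:
            banned.setdefault(str(ip), []).append(m["ts"])
    return banned, sorted(skipped)

if __name__ == "__main__":
    banned, skipped = honeypot_hits(SAMPLE_LOG)
    for ip, seen in banned.items():
        print(f"ban {ip}: {len(seen)} hit(s), first at {seen[0]}")
    print("whitelisted, not banned:", skipped)
```

Whitelisted addresses that touch the decoy are reported rather than silently dropped, so an unexpected hit from a trusted range can still be reviewed.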

Search Engine IPs

Search engines do not have to visit yourinstall.com/admin/, so you can easily tell them not to in a robots.txt file.

*The important search engines like Google, Bing and Yahoo will respect those rules and, as a result, will not get their IP addresses caught in the honey pot.

*More information will be added to this article shortly.

This feature is scheduled for WHMCS Firewall 3.5.0
